Update to the signed 0.9+1474479173.6c180c6-1ubuntu1 shim binary from Microsoft

Bug #1637290 reported by Mathieu Trudel-Lapierre
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
grub2 (Ubuntu)
Fix Released
High
Mathieu Trudel-Lapierre
Precise
Won't Fix
Undecided
Unassigned
Trusty
Fix Released
Undecided
Mathieu Trudel-Lapierre
Xenial
Fix Released
Undecided
Mathieu Trudel-Lapierre
Yakkety
Fix Released
Undecided
Mathieu Trudel-Lapierre
grub2-signed (Ubuntu)
Fix Released
High
Mathieu Trudel-Lapierre
Precise
Won't Fix
Undecided
Unassigned
Trusty
Fix Released
Undecided
Mathieu Trudel-Lapierre
Xenial
Fix Released
Undecided
Mathieu Trudel-Lapierre
Yakkety
Fix Released
Undecided
Mathieu Trudel-Lapierre
livecd-rootfs (Ubuntu)
Fix Released
Undecided
Unassigned
Precise
Won't Fix
Undecided
Unassigned
Trusty
Fix Released
Undecided
Unassigned
Xenial
Fix Released
Undecided
Robert C Jennings
Yakkety
Fix Released
Undecided
Unassigned
shim (Ubuntu)
Fix Released
High
Mathieu Trudel-Lapierre
Precise
Won't Fix
Undecided
Unassigned
Trusty
Fix Released
Undecided
Mathieu Trudel-Lapierre
Xenial
Fix Released
Undecided
Mathieu Trudel-Lapierre
Yakkety
Fix Released
Undecided
Mathieu Trudel-Lapierre
shim-signed (Ubuntu)
Fix Released
High
Mathieu Trudel-Lapierre
Precise
Won't Fix
Undecided
Unassigned
Trusty
Fix Released
Undecided
Mathieu Trudel-Lapierre
Xenial
Fix Released
Undecided
Mathieu Trudel-Lapierre
Yakkety
Fix Released
Undecided
Mathieu Trudel-Lapierre

Bug Description

[Impact]
We might want to boot securely one of these days.

[Test case]
1) Upgrading
- Update to new shim, shim-signed, grub2, grub2-signed on an UEFI system.
- Verify that the new shimx64.efi file is under /boot/efi/EFI/ubuntu, along with mmx64.efi and fbx64.efi.
- Verify that /boot/efi/EFI/ubuntu/MokManager.efi no longer exists.
- Verify that trying to apt install grub alone, or apt install shim alone, pulls in the correct matching versions of packages and gives the same results.

2) Booting normally
- Update to new shim, shim-signed, grub2, grub2-signed on an UEFI system, with Secure Boot enabled.
- Verify it boots successfully to the login prompt.
- There should be no messages about "Verification failure" or other errors before the kernel is loaded.

3) Network boot.
- Update to shim signed and grub2 signed EFI binaries on the TFTP server used.
- Verify that a network booting system still boots normally through shim and grub, reaching a login prompt.

4) BootEntry options
- Update to new shim, shim-signed, grub2, grub2-signed on an UEFI system.
- Update or install fwupdate.
- Verify that new updates can be applied via fwupdate, that when an update is available, fwupdate will correctly start, apply the update, and reboot to shim normally, leading to a working system.

5) live builds
- confirm that the new version of livecd-rootfs has been published to -updates first, and that a daily build of the UEFI-enabled cloud images succeeds with the new shim filenames.

[Regression Potential]
Any failure to load the kernel from grub, or for shim to load grub, or for the system firmware to load shim (such as "Verification failure" messages) or failure to retrieve or parse BootEntry extended options (such as necessary to load MokManager or fwupdate) should be considered regressions.

Changed in grub2 (Ubuntu):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
Changed in grub2-signed (Ubuntu):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
Changed in shim (Ubuntu):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
Changed in shim-signed (Ubuntu):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
Changed in grub2 (Ubuntu):
importance: Undecided → High
Changed in grub2-signed (Ubuntu):
importance: Undecided → High
Changed in shim (Ubuntu):
importance: Undecided → High
Changed in shim-signed (Ubuntu):
importance: Undecided → High
Changed in grub2 (Ubuntu):
status: New → In Progress
status: In Progress → Fix Released
Changed in grub2-signed (Ubuntu):
status: New → Fix Released
Changed in shim (Ubuntu):
status: New → Fix Released
Changed in shim-signed (Ubuntu):
status: New → Fix Released
Revision history for this message
Steve Langasek (vorlon) wrote : Please test proposed package

Hello Mathieu, or anyone else affected,

Accepted grub2 into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2/2.02~beta2-36ubuntu11.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

description: updated
Changed in grub2 (Ubuntu Yakkety):
status: New → Fix Committed
tags: added: verification-needed
Revision history for this message
Steve Langasek (vorlon) wrote :

Hello Mathieu, or anyone else affected,

Accepted grub2-signed into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2-signed/1.74.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in grub2-signed (Ubuntu Yakkety):
status: New → Fix Committed
Revision history for this message
Steve Langasek (vorlon) wrote :

Hello Mathieu, or anyone else affected,

Accepted shim-signed into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shim-signed/1.21.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in shim-signed (Ubuntu Yakkety):
status: New → Fix Committed
Revision history for this message
Steve Langasek (vorlon) wrote : Re: Update to the signed 0.9+1474479173.6c180c6-0ubuntu1 shim binary from Microsoft

Bringing in the new upstream version of shim-signed also impacts livecd-rootfs, because the ubuntu-cpc scripts in livecd-rootfs have hard-coded logic around the UEFI filenames. So we need a fixed livecd-rootfs in each of the LTS releases before releasing the SRU of shim-signed+grub2 to those releases.

Changed in livecd-rootfs (Ubuntu):
assignee: nobody → Robert C Jennings (rcj)
Changed in livecd-rootfs (Ubuntu Xenial):
assignee: nobody → Robert C Jennings (rcj)
status: New → Triaged
Steve Langasek (vorlon)
description: updated
Revision history for this message
Martin Pitt (pitti) wrote : Please test proposed package

Hello Mathieu, or anyone else affected,

Accepted grub2 into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2/2.02~beta2-9ubuntu1.13 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in grub2 (Ubuntu Trusty):
status: New → Fix Committed
Changed in grub2-signed (Ubuntu Trusty):
status: New → Fix Committed
Revision history for this message
Martin Pitt (pitti) wrote :

Hello Mathieu, or anyone else affected,

Accepted grub2-signed into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2-signed/1.34.15 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Steve Langasek (vorlon) wrote :

Hello Mathieu, or anyone else affected,

Accepted shim-signed into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shim-signed/1.21.4~14.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in shim-signed (Ubuntu Trusty):
status: New → Fix Committed
Revision history for this message
Steve Langasek (vorlon) wrote :

Hello Mathieu, or anyone else affected,

Accepted shim-signed into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shim-signed/1.21.4~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in shim-signed (Ubuntu Xenial):
status: New → Fix Committed
Changed in grub2 (Ubuntu Xenial):
status: New → Fix Committed
Revision history for this message
Steve Langasek (vorlon) wrote :

Hello Mathieu, or anyone else affected,

Accepted grub2 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2/2.02~beta2-36ubuntu3.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in grub2-signed (Ubuntu Xenial):
status: New → Fix Committed
Revision history for this message
Steve Langasek (vorlon) wrote :

Hello Mathieu, or anyone else affected,

Accepted grub2-signed into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2-signed/1.66.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote : Re: Update to the signed 0.9+1474479173.6c180c6-0ubuntu1 shim binary from Microsoft

XENIAL:

Cases 1 and 2 (upgrade and booting normally) are verified.

The new shim behaves as expected and the new files are correctly installed; along with the old MokManager.efi removed. There is still network boot and BootEntry to test on Xenial.

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

TRUSTY:

Cases 1 and 2 (upgrade and booting normally) are verified.

Case 4 is verified (created a new EFI BootEntry calling MokManager: sudo efibootmgr -c -L Mok -l \\EFI\\ubuntu\\shimx64.efi -u \\mmx64.efi).

Network boot is still left to be verified.

description: updated
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote : [grub2/trusty] possible regression found

As a part of the Stable Release Updates quality process a search for Launchpad bug reports using the version of grub2 from trusty-proposed was performed and bug 1641567 was found. Please investigate this bug report to ensure that a regression will not be created by this SRU. In the event that this is not a regression remove the "verification-failed" tag from this bug report and add the tag "bot-stop-nagging" to bug 1641567 (not this bug). Thanks!

tags: added: verification-failed
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote : Re: Update to the signed 0.9+1474479173.6c180c6-0ubuntu1 shim binary from Microsoft

Bug 1641567 is a prior issue, unrelated to this fix; setting back to verification-done.

tags: removed: verification-failed
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote : [grub2/trusty] possible regression found

As a part of the Stable Release Updates quality process a search for Launchpad bug reports using the version of grub2 from trusty-proposed was performed and bug 1641567 was found. Please investigate this bug report to ensure that a regression will not be created by this SRU. In the event that this is not a regression remove the "verification-failed" tag from this bug report and add the tag "bot-stop-nagging" to bug 1641567 (not this bug). Thanks!

tags: added: verification-failed
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote : Re: Update to the signed 0.9+1474479173.6c180c6-0ubuntu1 shim binary from Microsoft

XENIAL:

Verified cases 3 and 4; verification is done for shim, shim-signed, grub2, grub2-signed in xenial.

TRUSTY:

Verified case 3; verification is done for shim, shim-signed, grub2, grub2-signed in trusty.

Changed in livecd-rootfs (Ubuntu):
assignee: Robert C Jennings (rcj) → nobody
status: New → Fix Released
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Trusty isn't affected by this on the livecd-rootfs side.

Changed in livecd-rootfs (Ubuntu Trusty):
status: New → Won't Fix
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Precise isn't affected for livecd-rootfs.

Changed in livecd-rootfs (Ubuntu Precise):
status: New → Won't Fix
status: Won't Fix → Invalid
Changed in livecd-rootfs (Ubuntu Trusty):
status: Won't Fix → Invalid
Revision history for this message
Martin Pitt (pitti) wrote : Please test proposed package

Hello Mathieu, or anyone else affected,

Accepted livecd-rootfs into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/livecd-rootfs/2.435.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in livecd-rootfs (Ubuntu Yakkety):
status: New → Fix Committed
tags: removed: verification-failed
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote : [grub2/trusty] possible regression found

As a part of the Stable Release Updates quality process a search for Launchpad bug reports using the version of grub2 from trusty-proposed was performed and bug 1641567 was found. Please investigate this bug report to ensure that a regression will not be created by this SRU. In the event that this is not a regression remove the "verification-failed" tag from this bug report and add the tag "bot-stop-nagging" to bug 1641567 (not this bug). Thanks!

tags: added: verification-failed
tags: removed: verification-failed
tags: added: verification-done-trusty
Revision history for this message
Martin Pitt (pitti) wrote : Please test proposed package

Hello Mathieu, or anyone else affected,

Accepted livecd-rootfs into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/livecd-rootfs/2.408.6 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in livecd-rootfs (Ubuntu Xenial):
status: Triaged → Fix Committed
Revision history for this message
Steve Langasek (vorlon) wrote : Re: Update to the signed 0.9+1474479173.6c180c6-0ubuntu1 shim binary from Microsoft

Marking verification-failed on the basis of bug #1644806.

tags: added: verification-failed
removed: verification-done-trusty verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package livecd-rootfs - 2.435.1

---------------
livecd-rootfs (2.435.1) yakkety; urgency=medium

  [ Robert C Jennings ]
  * ubuntu-cpc: Remove redundant copy of grub files. (LP: #1637290)

 -- Mathieu Trudel-Lapierre <email address hidden> Thu, 17 Nov 2016 16:13:28 -0500

Changed in livecd-rootfs (Ubuntu Yakkety):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for livecd-rootfs has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

summary: - Update to the signed 0.9+1474479173.6c180c6-0ubuntu1 shim binary from
+ Update to the signed 0.9+1474479173.6c180c6-1ubuntu1 shim binary from
Microsoft
tags: removed: verification-failed
Changed in grub2 (Ubuntu Trusty):
status: Fix Committed → In Progress
Changed in grub2 (Ubuntu Xenial):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
status: Fix Committed → In Progress
Changed in grub2 (Ubuntu Trusty):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
Changed in grub2 (Ubuntu Yakkety):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
status: Fix Committed → In Progress
Changed in grub2-signed (Ubuntu Trusty):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
status: Fix Committed → In Progress
Changed in grub2-signed (Ubuntu Xenial):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
status: Fix Committed → In Progress
Changed in grub2-signed (Ubuntu Yakkety):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
status: Fix Committed → In Progress
Changed in livecd-rootfs (Ubuntu Xenial):
status: Fix Committed → In Progress
Changed in shim (Ubuntu Trusty):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
status: New → In Progress
Changed in shim (Ubuntu Xenial):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
status: New → In Progress
Changed in shim (Ubuntu Yakkety):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
status: New → In Progress
Changed in shim-signed (Ubuntu Trusty):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
status: Fix Committed → In Progress
Changed in shim-signed (Ubuntu Xenial):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
status: Fix Committed → In Progress
Changed in shim-signed (Ubuntu Yakkety):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
status: Fix Committed → In Progress
Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Mathieu, or anyone else affected,

Accepted livecd-rootfs into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/livecd-rootfs/2.408.9 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in livecd-rootfs (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed
Revision history for this message
Steve Langasek (vorlon) wrote :

Hello Mathieu, or anyone else affected,

Accepted grub2 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2/2.02~beta2-36ubuntu3.9 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in grub2 (Ubuntu Xenial):
status: In Progress → Fix Committed
Changed in grub2-signed (Ubuntu Xenial):
status: In Progress → Fix Committed
Revision history for this message
Steve Langasek (vorlon) wrote :

Hello Mathieu, or anyone else affected,

Accepted grub2-signed into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2-signed/1.66.9 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Steve Langasek (vorlon)
Changed in shim (Ubuntu Xenial):
status: In Progress → Fix Committed
Revision history for this message
Steve Langasek (vorlon) wrote : Proposed package upload rejected

An upload of shim-signed to xenial-proposed has been rejected from the upload queue for the following reason: "reupload with -v".

Revision history for this message
Steve Langasek (vorlon) wrote : Please test proposed package

Hello Mathieu, or anyone else affected,

Accepted shim-signed into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shim-signed/1.27~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in shim-signed (Ubuntu Xenial):
status: In Progress → Fix Committed
Changed in grub2 (Ubuntu Yakkety):
status: In Progress → Fix Committed
Revision history for this message
Steve Langasek (vorlon) wrote :

Hello Mathieu, or anyone else affected,

Accepted grub2 into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2/2.02~beta2-36ubuntu11.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in grub2-signed (Ubuntu Yakkety):
status: In Progress → Fix Committed
Revision history for this message
Steve Langasek (vorlon) wrote :

Hello Mathieu, or anyone else affected,

Accepted grub2-signed into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2-signed/1.74.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Steve Langasek (vorlon) wrote :

Hello Mathieu, or anyone else affected,

Accepted shim-signed into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shim-signed/1.27~16.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in shim-signed (Ubuntu Yakkety):
status: In Progress → Fix Committed
Revision history for this message
Steve Langasek (vorlon) wrote :

I have locally verified livecd-rootfs by running

launchpad-buildd/buildlivefs --arch amd64 --project ubuntu-cpc --series xenial --build-id output --proposed

This fails when livecd-rootfs 2.408.8 is installed in the build chroot. It succeeds when livecd-rootfs 2.408.9 is installed in the build chroot.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package livecd-rootfs - 2.408.9

---------------
livecd-rootfs (2.408.9) xenial; urgency=medium

  [ Daniel Watkins ]
  * Don't overwrite the default sources.list in cloud images.
  * Replace sources.list generated using COMPONENTS with the sources.list from
    an Ubuntu Server installation (i.e. with all components enabled, and all
    deb-src lines commented). LP: #1513529.

  [ Chris Glass ]
  * Fix the manifest generation in OVA files so that ovf files don't have
    double extensions. (LP: #1627931)
  * Fix the OVF's metadata to include Ubuntu specific identifiers and
    descriptions instead of the generic Linux ones. (LP: #1656293)

  [ Daniel Watkins ]
  * Add replace_grub_root_with_label function thereby consolidating multiple
    uses of the same calls to sed.

  [ Robert C Jennings ]
  * ubuntu-cpc: Remove redundant copy of grub files. (LP: #1637290)

 -- Robert C Jennings <email address hidden> Thu, 23 Mar 2017 14:40:59 -0400

Changed in livecd-rootfs (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Verified on Xenial:

shim:
  Installed: 0.9+1474479173.6c180c6-1ubuntu1
  Candidate: 0.9+1474479173.6c180c6-1ubuntu1
  Version table:
 *** 0.9+1474479173.6c180c6-1ubuntu1 500
        500 http://ca.archive.ubuntu.com/ubuntu xenial-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     0.8-0ubuntu2 500
        500 http://ca.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
shim-signed:
  Installed: 1.27~16.04.1+0.9+1474479173.6c180c6-1ubuntu1
  Candidate: 1.27~16.04.1+0.9+1474479173.6c180c6-1ubuntu1
  Version table:
 *** 1.27~16.04.1+0.9+1474479173.6c180c6-1ubuntu1 500
        500 http://ca.archive.ubuntu.com/ubuntu xenial-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     1.19~16.04.1+0.8-0ubuntu2 500
        500 http://ca.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
     1.12+0.8-0ubuntu2 500
        500 http://ca.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
grub-efi-amd64:
  Installed: 2.02~beta2-36ubuntu3.9
  Candidate: 2.02~beta2-36ubuntu3.9
  Version table:
 *** 2.02~beta2-36ubuntu3.9 500
        500 http://ca.archive.ubuntu.com/ubuntu xenial-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     2.02~beta2-36ubuntu3.8 500
        500 http://ca.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
     2.02~beta2-36ubuntu3 500
        500 http://ca.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
grub-efi-amd64-signed:
  Installed: 1.66.9+2.02~beta2-36ubuntu3.9
  Candidate: 1.66.9+2.02~beta2-36ubuntu3.9
  Version table:
 *** 1.66.9+2.02~beta2-36ubuntu3.9 500
        500 http://ca.archive.ubuntu.com/ubuntu xenial-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     1.66.8+2.02~beta2-36ubuntu3.8 500
        500 http://ca.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
     1.66+2.02~beta2-36ubuntu3 500
        500 http://ca.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

tags: added: verification-done-xenial
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Verified on Yakkety:

shim:
  Installed: 0.9+1474479173.6c180c6-1ubuntu1
  Candidate: 0.9+1474479173.6c180c6-1ubuntu1
  Version table:
 *** 0.9+1474479173.6c180c6-1ubuntu1 500
        500 http://ca.archive.ubuntu.com/ubuntu yakkety-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     0.9+1465500757.14a5905.is.0.8-0ubuntu3 500
        500 http://ca.archive.ubuntu.com/ubuntu yakkety/main amd64 Packages
shim-signed:
  Installed: 1.27~16.10.1+0.9+1474479173.6c180c6-1ubuntu1
  Candidate: 1.27~16.10.1+0.9+1474479173.6c180c6-1ubuntu1
  Version table:
 *** 1.27~16.10.1+0.9+1474479173.6c180c6-1ubuntu1 500
        500 http://ca.archive.ubuntu.com/ubuntu yakkety-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     1.21.3+0.9+1465500757.14a5905.is.0.8-0ubuntu3 500
        500 http://ca.archive.ubuntu.com/ubuntu yakkety/main amd64 Packages
grub-efi-amd64:
  Installed: 2.02~beta2-36ubuntu11.2
  Candidate: 2.02~beta2-36ubuntu11.2
  Version table:
 *** 2.02~beta2-36ubuntu11.2 500
        500 http://ca.archive.ubuntu.com/ubuntu yakkety-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     2.02~beta2-36ubuntu11 500
        500 http://ca.archive.ubuntu.com/ubuntu yakkety/main amd64 Packages
grub-efi-amd64-signed:
  Installed: 1.74.2+2.02~beta2-36ubuntu11.2
  Candidate: 1.74.2+2.02~beta2-36ubuntu11.2
  Version table:
 *** 1.74.2+2.02~beta2-36ubuntu11.2 500
        500 http://ca.archive.ubuntu.com/ubuntu yakkety-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     1.74+2.02~beta2-36ubuntu11 500
        500 http://ca.archive.ubuntu.com/ubuntu yakkety/main amd64 Packages

tags: added: verification-done-yakkety
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package shim-signed - 1.27~16.10.1

---------------
shim-signed (1.27~16.10.1) yakkety; urgency=medium

  * Backport shim 0.9+1474479173.6c180c6-1ubuntu1 to 16.10. (LP: #1637290)

shim-signed (1.27) zesty; urgency=medium

  [ Steve Langasek ]
  * Update to the signed 0.9+1474479173.6c180c6-1ubuntu1 binary from
    Microsoft.
  * update-secureboot-policy:
    - detect when we have no debconf prompting and error out instead of ending
      up in an infinite loop. LP: #1673817.
    - refactor to make the code easier to follow.
    - remove a confusing boolean that would always re-prompt on a request to
      --enable, but not on a request to --disable.

  [ Mathieu Trudel-Lapierre ]
  * update-secureboot-policy:
    - some more fixes to properly handle non-interactive mode. (LP: #1673817)

shim-signed (1.23) zesty; urgency=medium

  * debian/control: bump the Depends on grub2-common since that's needed to
    install with the new updated EFI binaries filenames.

shim-signed (1.22) yakkety; urgency=medium

  * Update to the signed 0.9+1474479173.6c180c6-0ubuntu1 binary from Microsoft.
    (LP: #1581299)
  * Update paths now that the shim binary has been renamed to include the
    target architecture.
  * debian/shim-signed.postinst: clean up old MokManager.efi from EFI/ubuntu;
    since it's being replaced by mm$arch.efi.

 -- Mathieu Trudel-Lapierre <email address hidden> Thu, 23 Mar 2017 16:58:44 -0400

Changed in shim-signed (Ubuntu Yakkety):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package grub2 - 2.02~beta2-36ubuntu11.2

---------------
grub2 (2.02~beta2-36ubuntu11.2) yakkety; urgency=medium

  * debian/patches/install_signed.patch: update to use the new names for the
    shim binary (shim$arch), MokManager (mm$arch) and add fallback (fb$arch).
    (LP: #1637290)
  * debian/control: Breaks shim (<< 0.9+1474479173.6c180c6-0ubuntu1~) for the
    renamed EFI binaries.

 -- Mathieu Trudel-Lapierre <email address hidden> Thu, 22 Sep 2016 12:34:56 -0400

Changed in grub2 (Ubuntu Yakkety):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package grub2-signed - 1.74.2

---------------
grub2-signed (1.74.2) yakkety; urgency=medium

  * Rebuild against grub2 2.02~beta2-36ubuntu11.1. (LP: #1637290)

 -- Mathieu Trudel-Lapierre <email address hidden> Thu, 23 Mar 2017 15:13:53 -0400

Changed in grub2-signed (Ubuntu Yakkety):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package shim-signed - 1.27~16.04.1

---------------
shim-signed (1.27~16.04.1) xenial; urgency=medium

  * Backport shim 0.9+1474479173.6c180c6-1ubuntu1 to 16.04. (LP: #1637290)

shim-signed (1.27) zesty; urgency=medium

  [ Steve Langasek ]
  * Update to the signed 0.9+1474479173.6c180c6-1ubuntu1 binary from
    Microsoft.
  * update-secureboot-policy:
    - detect when we have no debconf prompting and error out instead of ending
      up in an infinite loop. LP: #1673817.
    - refactor to make the code easier to follow.
    - remove a confusing boolean that would always re-prompt on a request to
      --enable, but not on a request to --disable.

  [ Mathieu Trudel-Lapierre ]
  * update-secureboot-policy:
    - some more fixes to properly handle non-interactive mode. (LP: #1673817)

shim-signed (1.23) zesty; urgency=medium

  * debian/control: bump the Depends on grub2-common since that's needed to
    install with the new updated EFI binaries filenames.

shim-signed (1.22) yakkety; urgency=medium

  * Update to the signed 0.9+1474479173.6c180c6-0ubuntu1 binary from Microsoft.
    (LP: #1581299)
  * Update paths now that the shim binary has been renamed to include the
    target architecture.
  * debian/shim-signed.postinst: clean up old MokManager.efi from EFI/ubuntu;
    since it's being replaced by mm$arch.efi.

 -- Mathieu Trudel-Lapierre <email address hidden> Thu, 23 Mar 2017 16:58:44 -0400

Changed in shim-signed (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package grub2 - 2.02~beta2-36ubuntu3.9

---------------
grub2 (2.02~beta2-36ubuntu3.9) xenial; urgency=medium

  * debian/patches/install_signed.patch: update to use the new names for the
    shim binary (shim$arch), MokManager (mm$arch) and add fallback (fb$arch).
    (LP: #1637290)
  * debian/control: Breaks shim (<< 0.9+1474479173.6c180c6-0ubuntu1~) for the
    renamed EFI binaries.

 -- Mathieu Trudel-Lapierre <email address hidden> Tue, 08 Nov 2016 14:42:24 -0500

Changed in grub2 (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package grub2-signed - 1.66.9

---------------
grub2-signed (1.66.9) xenial; urgency=medium

  * Rebuild against grub2 2.02~beta2-36ubuntu3.8. (LP: #1637290)

 -- Mathieu Trudel-Lapierre <email address hidden> Thu, 23 Mar 2017 16:22:31 -0400

Changed in grub2-signed (Ubuntu Xenial):
status: Fix Committed → Fix Released
Robert C Jennings (rcj)
Changed in livecd-rootfs (Ubuntu Trusty):
status: Invalid → New
Revision history for this message
Steve Langasek (vorlon) wrote :

Hello Mathieu, or anyone else affected,

Accepted grub2 into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2/2.02~beta2-9ubuntu1.14 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-trusty to verification-done-trusty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-trusty. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in grub2 (Ubuntu Precise):
status: New → Won't Fix
Changed in grub2 (Ubuntu Trusty):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-trusty
Changed in grub2-signed (Ubuntu Trusty):
status: In Progress → Fix Committed
Revision history for this message
Steve Langasek (vorlon) wrote :

Hello Mathieu, or anyone else affected,

Accepted grub2-signed into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2-signed/1.34.16 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-trusty to verification-done-trusty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-trusty. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Verification-done for trusty; using grub2 2.02~beta2-9ubuntu1.14 / grub2-signed 1.34.16:

The new names for shim binaries are in place and correctly installed by grub.

tags: added: verification-done-trusty
removed: verification-needed verification-needed-trusty
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package grub2-signed - 1.34.16

---------------
grub2-signed (1.34.16) trusty; urgency=medium

  * Rebuild against grub-efi-amd64 2.02~beta2-9ubuntu1.14 (LP: #1637290)

 -- Mathieu Trudel-Lapierre <email address hidden> Fri, 14 Jul 2017 15:33:38 -0400

Changed in grub2-signed (Ubuntu Trusty):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package grub2 - 2.02~beta2-9ubuntu1.14

---------------
grub2 (2.02~beta2-9ubuntu1.14) trusty; urgency=medium

  * debian/patches/install_signed.patch: update to use the new names for the
    shim binary (shim$arch) and MokManager (mm$arch). (LP: #1637290)
  * debian/control: Breaks shim (<< 0.9+1474479173.6c180c6-0ubuntu1~) for the
    renamed EFI binaries.

 -- Mathieu Trudel-Lapierre <email address hidden> Fri, 14 Jul 2017 12:20:11 -0400

Changed in grub2 (Ubuntu Trusty):
status: Fix Committed → Fix Released
Steve Langasek (vorlon)
Changed in grub2-signed (Ubuntu Precise):
status: New → Won't Fix
Changed in shim (Ubuntu Precise):
status: New → Won't Fix
Changed in shim-signed (Ubuntu Precise):
status: New → Won't Fix
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Trusty's livecd-rootfs also already carries the fix here to not copy again over grub's images, and use grub-install:

https://launchpad.net/ubuntu/+source/livecd-rootfs/2.208.14

"* ubuntu-cpc: Remove redundant copy of grub files."

Changed in livecd-rootfs (Ubuntu Trusty):
status: New → Fix Released
Changed in shim (Ubuntu Xenial):
status: Fix Committed → Fix Released
Changed in shim (Ubuntu Yakkety):
status: In Progress → Won't Fix
Revision history for this message
Mathew Hodson (mhodson) wrote :

This was fixed in Trusty.
---

shim-signed (1.32~14.04.2) trusty; urgency=medium

  * Backport shim-signed 1.32 to 14.04. (LP: #1700170)

[...]

  [ Steve Langasek ]
  * Update to the signed 0.9+1474479173.6c180c6-1ubuntu1 binary from
    Microsoft.

Changed in shim-signed (Ubuntu Trusty):
status: In Progress → Fix Released
Revision history for this message
Mathew Hodson (mhodson) wrote :

This bug was fixed for Trusty in shim 0.9+1474479173.6c180c6-1ubuntu1

---------------
shim (0.9+1474479173.6c180c6-1ubuntu1) zesty; urgency=medium

  [ Steve Langasek ]
  * Merge (not yet NEW cleared) changes from Debian branch.

  [ Mathieu Trudel-Lapierre ]
  * debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch: guard
    against errors in mirroring MokSBState to MokSBStateRT. Thanks to Ivan Hu
    for the patch. This will fix issues updating MokSBStateRT if the variable
    already exists with different attributes. (LP: #1644806)

 -- Mathieu Trudel-Lapierre <email address hidden> Thu, 01 Dec 2016 16:55:50 -0500

Changed in shim (Ubuntu Trusty):
status: In Progress → Fix Released
Changed in shim (Ubuntu Yakkety):
status: Won't Fix → Fix Released
Changed in livecd-rootfs (Ubuntu Precise):
status: Invalid → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.